To use Cyware you must have cookies enabled. By Registering or Signing in, you agree to our Terms and Privacy Policy. You can also signup using Google Account. We will not use your credentials to import contacts or post anything on your account without your permission.For more info, please see Login FAQ.

Affected Instagram users reported they were unexpectedly logged out of their accounts and their personal details were altered.

Many reported that their associated email address was changed to one with a Russian domain.

Hundreds of Instagram users reported experiencing that their accounts have been hijacked and personal details altered. Starting earlier this month, an increasing number of users reported that they were unexpectedly logged out of their accounts and their handles, avatars and bio details have been tweaked.

Upon attempting to reset their passwords, many discovered that the email address linked to their account was changed to one with a .ru domain.

However, affected users reported that there were no new posts created or older photos deleted from their hijacked accounts. In some cases, users’ profile photos were replaced with film stills from Disney or Pixar movies, BBC reported.

Hundreds of irate user reports

Many victims took to social media to voice their concerns and vented their frustration over account-recovery process being largely unsuccessful.

“My account was hacked! Everything was reset so I can't reset the password. It might have been disabled. Received an email to reset password but it goes to an error page. Cmon Instagram! Don't leave us hanging like that! I want my account back!” one user posted to Instagram's Twitter account.

Is a spam botnet being built?

However, the mass hijacking did prompt concerns of the preparators likely building a botnet.

“Although no one seems to know for sure, I assume the hacked accounts were intended to be used as spambots,” Paul Bischoff, a privacy advocate at Comparitech.com told Threatpost. “Even if some victims regain control of their accounts, many of those affected have likely quit the platform or just won’t go through the trouble, adding soldiers to the spambot army.”

Rise in SIM hacking

Some Instagram users reported their accounts were hijacked despite having two-factor authentication enabled.

This could be due to the growing new form of online theft - SIM hacking - that involves hackers illegally gaining access to a user’s phone number by tricking a telecom customer service agent into reassigning a phone number to a new SIM card. The attackers can then use the phone number and typical account recovery and SMS-based 2FA processes to reset Instagram, Twitter, Amazon or other accounts. This method could also be leveraged to hijack authentication codes for banking transactions as well.

Russian link

Although the hijacked accounts were linked to Russian email addresses, some experts speculate that this could indicate the perpetrators are linked to the country or could just be a red herring.

“Having a hacked account associated with a Russian email address may well signify that the attacker is a resident of that country, but it certainly not a foregone conclusion,” Comparitech security researcher Lee Munson said. Email addresses are easily spoofed, either to conceal identity or to encourage finger-pointing toward the wrong place.”

Instagram said it is “aware that some people are having difficulty accessing their Instagram accounts” and is currently investigating the issue. The social media firm did not specify how many accounts have been affected or offer any details on the cause of these attacks.

The company has urged users to review their security settings and enable 2FA on their accounts.

The incident also happens to come after the firm confirmed in July that it is building a stronger 2FA that will not utilize users’ phone numbers.

"We’re working on additional two-factor functionality with more to share soon," the company said.

Who we are

Cyware is a first-of-its-kind, comprehensive cyber situational awareness platform, designed to help you stay informed about the latest happenings in the cyber world with expertly curated news stories and updates.

Our Technology

Let IBM's Watson Find the Right News For You

The cyber threat landscape is changing rapidly, and cybersecurity news has claimed its spot on the front pages in recent months. It's not easy to find the right information from tens of thousands of cyber news articles and feeds published every day. Our machine learning based curation engine brings you the most relevant cyber content based on your needs.

Receive Daily Cyber News in Your Inbox

From the latest cyber security trends and innovations to new malware, vulnerabilities and threat intelligence, we bring you the most up-to date and relevant cyber updates and news alerts.